
GoAnywhere MFT wins 2016 Cybersecurity Excellence Award

Linoma Software, a leader in providing enterprise-class security and managed file transfer solutions, has been awarded the 2016 Cybersecurity Excellence Award. Linoma's GoAnywhere Managed File Transfer™ software was chosen as the winner in the Secure File Transfer product category.

Feature-rich and affordable, GoAnywhere MFT garnered high praise from voter participants. "Our company leverages dozens of software solutions. None has a better value proposition than GoAnywhere. We've automated manual processes, saving time," said Shaun S. "We've secured existing file transfers with minimal effort and no disruption. And we've migrated acquisitions off products that cost ten times more at no additional cost to our existing structure!"

The Cybersecurity Excellence Awards honor individuals and companies that demonstrate excellence, innovation and leadership in the information security industry. Nominees were carefully considered by the Information Security Community on LinkedIn which is comprised of over 300,000 cybersecurity professionals. Weighing in with their votes and comments, the group determined the final winning products for each category.

"Congratulations to Linoma for being recognized as the winner in the Secure File Transfer product category of the 2016 Cybersecurity Excellence Awards," said Holger Schulze, founder of the 300,000-member Information Security Community on LinkedIn. "With over 430 entries, the awards are highly competitive and our winners reflect the very best in product innovation and excellence in the cybersecurity space."


About the Cybersecurity Excellence Awards

The Cybersecurity Excellence Awards are produced in cooperation with the Information Security Community on LinkedIn, tapping into the experience of more than 300,000 cybersecurity professionals to recognize the world's best cybersecurity products, individuals and organizations. For more info: Cybersecurity-Excellence-Awards.com


The State of Data Security Technology: 4 Essential Safeguards

Enterprises today are capturing more data than ever. And while collecting an increasing amount of data yields valuable insights and the ability to connect more effectively with customers, it also creates more concerns -- mostly around security.

Sixty-nine percent of North American and European security decision-makers report they are responsible for protecting customers' personal information. As a result, the pressure is rising -- and so are the budgets. According to a recent Forrester report, 36 percent expect to increase spending in this area. But with increased media coverage highlighting devastating cyber attacks and security breaches, companies are asking, "How can we best ensure that this doesn't happen to our company?"

Data Security and Privacy

Many technologies claim to be the "cure all" to growing security concerns, yet with so much available, how can you be sure that you're selecting the right tools? Forrester recently explored the state of security through examining past research and surveying 53 field experts. The company highlighted important solutions that will play a critical role. Here are four to watch.

Cloud data protection solutions.

Enterprises are seeking solutions that allow them to encrypt their own data and hold the keys, in contrast to older models that rely on a cloud or third-party provider's native encryption solution. This type of solution works by encrypting sensitive data before it leaves the enterprise network, rendering it unreadable or useless to cyber criminals. The cost to implement is moderate, and the solution can be deployed as an on-premise or virtual application or as hardware. It's typically priced per user and often based on the per-user pricing of an SaaS agreement.

Email encryption.

Regardless of the industry, email often contains confidential information that requires safeguarding. This is especially true for industries that are under strict regulatory scrutiny, such as the health care industry. Forrester predicts that email encryption adoption will remain steady over the next decade as compliance concerns rise. This solution works by encrypting emails between recipients so that only the correct email recipient is able to read the content and download attachments. This is typically offered as a feature of a security solution or service, and can have the added advantage of removing file size restrictions. Pricing is moderate and enterprises can typically select from a hosted or on-premise solution.

Managed File Transfer.

Managed file transfer is an important technology to help organizations protect and audit their data transmissions. It's at the core of many B2B interactions and serves as an effective replacement for unsecure methods such as FTP and email. MFT is proving especially important in financial services, healthcare, public sector and manufacturing, where security concerns are very high. The technology works by allowing for the secure movement of files between business applications internally and externally. It's typically offered as an on-premise solution or hosted service, and pricing can vary greatly. Because it's typically a replacement for a legacy FTP system, migration to a Secure Managed File Transfer solution is the ideal opportunity to review additional enterprise requirements for batch or ad-hoc file transfers.

Secure file sharing and collaboration.

Workers today are increasingly interacting remotely using consumer-grade cloud sharing tools, also called EFSS (Enterprise File Sync and Sharing). This remote workforce benefits greatly from using a professional platform to synchronize files across multiple devices. As a result, Forrester expects the demand for secure methods of file sharing and collaboration to continue growing. These EFSS tools allow for the safeguarding of information while sharing data and documents with internal and external partners. File sync and file distribution capabilities can also be included. The cost is typically low to implement, with services delivered on-premise or from the cloud and priced per user.

Moving Forward

Data security is entering the golden age. S&R professionals will continue to feel increased pressure to analyze all available security options, stay nimble, and adjust quickly to ensure data privacy and security moving forward. Selecting options that offer a progressive amount of security and internal control over data, however, will ensure that enterprises are safeguarding critical data while navigating an increasingly complex regulatory environment.


How to Implement RSA SecurID via RADIUS with GoAnywhere Managed File Transfer™

Linoma Software recently announced their certification as an RSA® Ready certified partner and the integration of RADIUS and RSA SecurID© within GoAnywhere MFT™. Organizations already using RSA Authentication protocols can now easily implement RSA SecurID as a login method to be used by Admin Users, Web Users or as a second login step for Web Users in GoAnywhere MFT.

Here is a quick walkthrough of the RADIUS configuration in GoAnywhere MFT as shown in the RSA Ready implementation guide. Before you attempt to configure your software, always back up your files and be sure to consult the official implementation guide for further details and recommendations.

By default, Admin User and Web User passwords are authenticated against the passwords stored in the GoAnywhere database. Optionally, you can configure GoAnywhere Login Methods for basic authentication of Admin User and Web User passwords against a RADIUS (RSA SecurID) server located within your organization. Web User accounts can also be authenticated to the HTTPS Web Client using RSA SecurID tokens.

How to set up RADIUS (RSA SecurID) in GoAnywhere MFT

  1. To add a RADIUS Login Method, log in to the GoAnywhere MFT Admin Server as an Admin User with the Security Officer role. Complete the required information.
  2. From the main menu bar, select Users, and then click the Login Methods link.
  3. In the Login Methods page, click the Add Login Method link in the page toolbar.
  4. Select Basic Authentication from the Select Login Method Type page and then click Continue.
  5. Complete the required information:
    • Name - A unique name for the Login Method.
    • Description - The description field is optional text to describe the login method. Limited to 512 characters.
    • Type - The authentication type used by the Login Method. Choose RADIUS.
    • Shared Secret - The shared secret provided by the RADIUS server. GoAnywhere automatically encrypts the shared secret with AES-256 bit encryption.
    • Host - The host name or IP address of the RADIUS server.
    • Port - The port number to use for connecting to the RADIUS server. If left blank, the default port number is 1645.
    • Timeout - The maximum amount of time, in seconds, to wait for a response from the RADIUS server. A value of 0 (zero) is interpreted as infinite timeout. The default timeout is 300 seconds.
    • Retry Attempts - The number of times to retry the RADIUS connection if it cannot be established. This setting is used for both the initial connection and any reconnect attempts due to lost connections. If left blank, then no retries will be attempted.
  6. Click the Save button to save the settings.

If you need assistance with configuration of GoAnywhere MFT with RADIUS and RSA SecurID, our support team is ready to help. Visit our support page to get the help you need when you need it via email, phone, live online chat, forums or our customer portal.


GoAnywhere Managed File Transfer™ Offers More Secure Access with RADIUS and RSA SecurID© Technology

Organizations using RSA authentication protocols can benefit with quick and easy integration of RADIUS and RSA SecurID in GoAnywhere MFT.

Linoma Software, an RSA® Ready certified partner, today announced the addition of RADIUS and award-winning RSA SecurID technology to GoAnywhere Managed File Transfer, allowing simple integration for organizations using RSA authentication protocols for administrator and user access. One of the world's most widely used two-factor user authentication solutions, RSA SecurID works in conjunction with GoAnywhere MFT to securely validate authorized identities and provide non-repudiable access to servers, data and file sharing using key fobs or token apps.

The strong, multi-factor authentication found in RSA SecurID allows organizations to solve the issue of weak passwords with an enforceable and user-friendly solution to prevent unauthorized access to sensitive data. With over 40 million people and 30,000 companies using RSA SecurID, it has become a market leader for securing access to applications and resources.

"By integrating RADIUS and RSA SecurID with GoAnywhere MFT, it significantly raises the bar on our security offerings and provides a way to not only simplify the user experience, but improve efficiency of identity and access management across the board," said Bob Luebbe, President and Chief Architect at Linoma Software. "Security is paramount to our company. The extremely high level of access security that RADIUS and RSA SecurID provides our customers made it a natural fit to incorporate into GoAnywhere MFT to counteract evolving security threats."

Award-winning GoAnywhere MFT allows for configuration of authentication methods per user using many different authentication types including LDAP, Active Directory and IBM i. System administrators can now configure a RADIUS (RSA SecurID) login method to be used by Admin Users, Web Users or as a second login step for Web Users. The supported features in GoAnywhere MFT include RSA SecurID Authentication via RADIUS protocol and IPv6 in addition to On-Demand Authentication via RADIUS protocol. Existing RSA SecurID customers can easily integrate their RSA Authentication Manager with GoAnywhere in minutes.

The integration guide for GoAnywhere and RADIUS (RSA SecurID) can be found here on RSA Link.


Accelerated File Transfer and Security Domains in Latest Release of GoAnywhere MFT

Linoma Software announces two significant enhancements in Version 5.2 of the award-winning GoAnywhere Managed File Transfer software. A new file transfer acceleration protocol called GoFast™ improves delivery speed and reliability when compared to traditional FTP, and Domains allows organizations to segregate users and workflows to provide an additional layer of data security.

The new GoFast protocol uses multiple UDP channels to accelerate the movement of files between servers. This acceleration is especially useful for moving large files, including videos and backup sets, across the internet or wide area networks (WANs). Options are provided in GoFast to protect confidential transfers with strong AES-256 encryption, as well as compress transmissions to minimize bandwidth requirements. Since GoFast is a feature within the GoAnywhere Managed File Transfer solution, it takes full advantage of the available automation, auditing and reporting capabilities in the product.

Domains can be used to segregate GoAnywhere MFT into multiple security zones where authorized users can only work with trading partners, workflows and logs belonging to their assigned domains.  This functionality benefits organizations that need to share a single installation of GoAnywhere with multiple divisions or departments, while maintaining separation of administrative access. Each domain can be locked into certain network folders to prevent unauthorized access by other administrators.

Continuing Advancements with GoAnywhere Automation & Security

Current GoAnywhere MFT customers that upgrade to the current release also gain new functionality for workflow automation and user authentication. Highlights for some of the new features include:

  • Support for Amazon S3 Buckets and WebDAV resources that can be used as file storage for trading partners and workflows.
  • Support for popular SMS gateways and SNMP servers to make it easier to automate alerts and notifications.
  • Project revision history tracking that allows you to restore workflows to previous versions.
  • RSA RADIUS Login methods with Two-Factor-Authentication using key fobs or token apps.
  • Additional logs and change history to track administrator user activity on the system.

View the complete list of version 5.2 enhancements on the GoAnywhere MFT release notes page.


Take a Proactive Approach to New PCI Standards

For some organizations, the 36-month lifecycle of new Payment Card Industry Data Security Standards (PCI DSS) can be a grueling schedule to tackle. With the release of PCI DSS 3.2 just around the corner, many organizations are trying to estimate the effort required to remain compliant. Wouldn't it be nice if there was a way to predict what was on the minds of the folks on the PCI Security Standard Council before the new standards were released? Well, there just might be a way.

In June, 2015, the Council published a document called The PCI DSS DESV (Designated Entities Supplemental Validation). Inside that document are "extra requirements" which apply to entities requiring "additional validation". These could be organizations that deal with Payment Card Data in large volume, serve as an aggregation point for cardholder data, or suffered significant or repeated breaches.

As folks in the world of security know, defense in depth is a rule we all live by. Extraordinary soon becomes ordinary. Exceptional soon becomes standard. Supplemental soon becomes required.

Through the DESV, it's possible to glimpse the future of PCI DSS. By implementing these controls and processes, your organization gains even more protection than what is currently and commonly required. By doing so, you can prepare - to some extent - for the surprises lurking down the road. At the very least, your processes will be better defined and your controls will be more secure. Implementing best practices early could give you the competitive edge you need to respond quickly when those practices become required.

This idea is based on more than just speculation. In a Council blog, "Preparing for PCI DSS 3.2: What to Expect in 2016", posted on February 17, 2016, chief technology officer Troy Leach alluded to some updates in the standard they were considering, which included the following:

  • Multi-factor authentication for administrators
  • Incorporating some of the DESV criteria for service providers
  • Clarifying masking criteria for primary account numbers when displayed
  • Updating migration dates for SSL/early TLS that were published in December 2015

As a developer of enterprise managed file transfer and encryption solutions, Linoma Software remains vigilant in keeping up with the latest PCI DSS standards so we can help organizations to protect their most sensitive data assets and meet compliance requirements.


SHA-2 and TLS Security for AS2 Transfers

2016 is a pivotal year for organizations to upgrade the security used to protect their AS2 data transfers. In order to be compliant with the latest security standards, you need to be using a modern AS2 solution.

The End of SHA-1

SHA-1 (Secure Hash Algorithm) is a cryptographic hash algorithm created by the NSA and published in 1995. SHA-1 takes a message of any length and produces a 160-bit message digest. The message digest verifies the integrity of the message by comparing the hash that was calculated before and after message transmission. For example, the hash of a transmitted file is compared against the hash of the file before it was sent. If the hash values are the same, the file was not tampered with. If the hash values are different, the file was altered during transmission.

In 2005, attacks demonstrated that the security of SHA-1 is weaker than intended, and a more secure SHA-2 standard was created. SHA-2 is actually a family of hash functions with hash values of 224, 256, 384, or 512 bits. Due to the stronger hash algorithms in SHA-2, Federal agencies have been directed to stop using SHA-1 and must use SHA-2.

2016 is the year software vendors are completing their migration to SHA-2. Google Chrome has begun displaying warning messages for SHA-1 certificates with expiration dates past January 1, 2016, and Microsoft instructed Certificate Authorities to stop issuing SHA-1 certificates earlier this year. Major organizations, like UPS, are requiring their AS2 trading partners to use SHA-2.

TLS

Transport Layer Security is a protocol that encrypts communications between client applications and servers. TLS is the successor to the Secure Sockets Layer (SSL) protocol version 3.0, and uses more advanced methods for message authentication, better alerting for problem certificates, and more robust cipher suites. After the POODLE vulnerability was discovered in late 2014, companies that are still using SSL instead of TLS are leaving themselves open to man-in-the-middle exploits. Google and Mozilla have already phased out the support of SSL 3.0 in Chrome and Firefox, and trading partners are demanding companies support TLS for AS2 transfers.

SHA-2 and TLS migration

GoAnywhere MFT fully supports SHA-2 and TLS for AS2 transfers. GoAnywhere is certified by the Drummond Group to validate our AS2 solution follows the RFC 4130 standard and is interoperable with other certified products. Using a Drummond Certified solution, and requiring your trading partners do as well, alleviates the challenges of AS2 and ensures your transfers fully meet the latest security standards. For more information on AS2 support in GoAnywhere MFT, visit the pages on our AS2 Client and AS2 Server.


Higher Education Centralizes Campus-wide Secure File Transfers

While some may not think institutions of higher learning are a hive of business transactions, the truth is that they need to move data files as much as any enterprise.

The big difference between corporations and higher education is that companies typically use a top-down approach when it comes to selecting and implementing IT solutions. Conversely, in a university system, the different business offices and departments are frequently selecting technology independent of one another.  This creates a unique challenge for post-secondary schools.

Compliance Gatekeeper

From admissions and financial aid to alumni relations and human resources, universities must meet data security and reporting compliance with HIPAA, PCI DSS, GLBA, FISMA and FERPA, to name a few. This positions a school's IT department as the central hub in maintaining secure connections between these independent systems and encrypting every file transfer sent to outside vendors and agencies.

To help streamline this process, Northwestern University replaced their traditional FTP and file transfer scripts with an MFT (Managed File Transfer) solution that supports modern encryption standards and transmission protocols.

Scot Milford, Northwestern's distributed application platform service manager, was among those tasked with finding a new solution. "We decided we needed to look for an application with good but easy reporting and something that provided a framework for standardization and more structure," he remembers.

"I would say it's extremely flexible," states Ron Blitz, senior systems administrator in Northwestern's IT Administrative Systems Enabling Technologies department. "It's easy to construct a script-like process without writing any code. Customizing transfers specific to each trading partner takes minutes and is often just a simple 'drag-n-drop' or right-click away from being ready for Production."

To learn more about how Northwestern University is utilizing MFT to connect campus-wide systems and secure data exchanges with external trading partners, we invite you to read the "Higher Education Funnels Secure File Transfers Through GoAnywhere" case study.


Free FTP Server and Client Helps Businesses Improve Security and Audit File Transfers

GoAnywhere MFT's integrated FTP Server and Client for automating and auditing file transfers is now available as a Free Edition of the enterprise-class Managed File Transfer solution. 

This free FTP software can be installed on a variety of platforms including Windows, Linux, Mac OS, UNIX and IBM i, providing flexibility to organizations of all sizes. GoAnywhere MFT improves FTP security with features like AD authentication, granular folder permissions, password policies to comply with PCI DSS, brute force and DoS attack monitors, and IP blacklists/whitelists.

"Legacy FTP servers are lacking the security controls, user management and detailed audit logs needed to comply with regulations like PCI DSS and HIPAA," says Bob Luebbe, Chief Architect at Linoma Software. "With the free edition, any organization can now take advantage of the comprehensive FTP features in GoAnywhere MFT."

Using the free FTP client from GoAnywhere, organizations can add automation to their file transfers.  The ability to schedule transfers and scan for new or modified files on local or remote systems reduces manual processes and the risk of human error.  This saves time and money while improving productivity through reliable data delivery.

The GoAnywhere FTP server makes it possible to set access controls and generate detailed audit logs on all file transfer activity.  This offers a layer of regulatory and policy compliance to organizations currently using FTP to exchange files with trading partners.

GoAnywhere MFT is an on-premise solution that provides centralized control over data access. There are no upfront costs or renewal fees for this fully scalable FTP solution. GoAnywhere MFT can be easily upgraded to meet the changing needs of any business through the purchase of secure file transfer protocols, integrated Open PGP encryption, advanced workflows and in-depth reporting.

This free software installs in minutes and is available for download from the GoAnywhere website at http://www.goanywhere.com/free-ftp.


What is AS2?

Applicability Statement 2 (AS2) is a popular file transfer protocol that allows businesses to exchange data with their trading partners.

AS2 combines the use of several secure and widely used technologies including HTTPS, SSL Certificates, S/MIME, and file hashing. By utilizing the strengths of each of them, AS2 has become the preferred protocol in many organizations for exchanging sensitive EDI files.

AS2 messages can be compressed, signed, encrypted and sent over an SSL tunnel making the file transfers very secure. And receipts can be sent back to the sender ensuring the messages were delivered successfully. The receipts can be digitally signed and will contain a checksum value that the sender will use to verify the message received is identical to what was sent.

Key Features of AS2

  • Message Encryption - By using the recipient's public certificate, the AS2 message contents can be encrypted to keep the data secure. Only the recipient will be able to decrypt the contents using their private certificate.
  • Digital Signatures - The message can be signed using the sender's private certificate which allows the recipient to verify the authenticity of the sender. The receipt that is sent back to the sender can also be signed to ensure the identity of the recipient's system. These digital signatures are used for message integrity and non-repudiation of origin. They are typically used in addition to authentication using a user name, password, and/or certificate.
  • Compression - In order to improve transmission time, compression can be added to decrease the size of the message.
  • Receipt - The Message Disposition Notification (MDN, which is commonly referred to as a receipt) plays an important role in AS2 as it acknowledges that the recipient received the message. It can also be used to verify the identity of the recipient when the receipt is signed. Receipts that are sent back immediately over the same connection are referred to as a synchronous MDN. Receipts can also be sent back at a later time in asynchronous mode. This allows the recipient to process and verify the data before sending back a status to indicate if the transaction was successful.
  • Message Integrity Check - The recipient will calculate a checksum of the message using MD5, SHA1, or a SHA2 hashing algorithm. This value is referred to as the MIC and is shared with the sender by placing it in the receipt. The sender will calculate a checksum as well using the same algorithm. These two values are then compared to guarantee that the message sent is identical to the message that was received.
  • Non-repudiation of Receipt - The use of signatures on the message and receipt creates a Non-Repudiation of Receipt (NRR) event, which is considered legal proof of delivery.
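The Message Integrity Check described in the list above, combined with the SHA-1 to SHA-2 migration discussed earlier on this page, as an added example (not GoAnywhere code): the sender recomputes the MIC over what it sent, compares it with the `Received-Content-MIC` field of the MDN, and flags receipts that still use MD5 or SHA-1. The MDN text and payload are constructed samples, the list of micalg spellings is an assumption, and the function takes the exact bytes the MIC covers, which in a real exchange depend on whether the message was signed.

```python
import base64
import hashlib
import hmac

# micalg spellings mapped to hashlib names (assumed list; extend per partner).
MIC_ALGS = {
    "md5": "md5", "sha1": "sha1", "sha-1": "sha1",
    "sha256": "sha256", "sha-256": "sha256",
    "sha384": "sha384", "sha-384": "sha384",
    "sha512": "sha512", "sha-512": "sha512",
}
WEAK_ALGS = {"md5", "sha1"}


def parse_mdn_fields(mdn_text):
    """Parse the 'Name: value' lines of the machine-readable MDN part."""
    fields = {}
    for line in mdn_text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip().lower()] = value.strip()
    return fields


def compute_mic(content, micalg):
    """Base64 digest of the content under the named MIC algorithm."""
    digest = hashlib.new(MIC_ALGS[micalg.strip().lower()], content).digest()
    return base64.b64encode(digest).decode("ascii")


def check_receipt(sent_content, mdn_text):
    """Compare an MDN against the bytes that were actually sent."""
    fields = parse_mdn_fields(mdn_text)
    result = {"processed": False, "micalg": None,
              "weak_alg": False, "mic_matches": False}

    # Only a plain 'processed' disposition counts as success here;
    # 'processed/error: ...' or 'failed/...' do not.
    disposition = fields.get("disposition", "")
    result["processed"] = (
        disposition.partition(";")[2].strip().lower() == "processed")

    # Field format: "<base64 digest>, <micalg>"
    mic_value, _, micalg = fields.get(
        "received-content-mic", "").rpartition(",")
    micalg = micalg.strip().lower()
    if micalg not in MIC_ALGS:
        return result                      # missing or unknown algorithm
    result["micalg"] = micalg
    result["weak_alg"] = MIC_ALGS[micalg] in WEAK_ALGS

    expected = compute_mic(sent_content, micalg).encode("ascii")
    received = mic_value.strip().encode("utf-8")
    result["mic_matches"] = hmac.compare_digest(expected, received)
    return result


def make_sample_mdn(content, micalg, disposition="processed"):
    """Build a constructed MDN body as a partner system might return it."""
    return "\r\n".join([
        "Reporting-UA: partner-as2.example",
        "Original-Recipient: rfc822; PARTNER_AS2_ID",
        "Final-Recipient: rfc822; PARTNER_AS2_ID",
        "Original-Message-ID: <constructed-0001@sender.example>",
        "Disposition: automatic-action/MDN-sent-automatically; " + disposition,
        "Received-Content-MIC: %s, %s" % (compute_mic(content, micalg), micalg),
    ])


if __name__ == "__main__":
    payload = b"ISA*00*constructed EDI sample payload~"
    print(check_receipt(payload, make_sample_mdn(payload, "sha-256")))
    print(check_receipt(payload, make_sample_mdn(payload, "sha1")))
```

A matching MIC only proves integrity against the bytes hashed; the non-repudiation property described in the list additionally requires verifying the signature on the receipt.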

Challenges with AS2

Both organizations will need an AS2 solution in order to exchange data. Due to the complex nature of the AS2 protocol with encryption, signatures, and receipts, it is possible that there can be compatibility issues between two separate products. Fortunately, Drummond Group has a rigorous program that validates an AS2 product follows the RFC 4130 standard and is interoperable with other certified products. Using a Drummond Certified solution, and requiring your trading partners do as well, alleviates the challenges of AS2 and allows you to focus on the business aspects of data transfers.

GoAnywhere MFT™ is Drummond Certified™ for AS2 and supports SHA2 algorithms for stronger security, chunked transfer encoding to handle large files, multiple attachments per message, and filename preservation.